A critical zero-day vulnerability has been disclosed in the Gemini MCP Tool, enabling unauthenticated remote attackers to execute arbitrary code on vulnerable installations without requiring user interaction or authentication. The vulnerability, tracke…

A high command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface. The flaw, tracked as CVE-2025-14756,…

A critical vulnerability in the vm2 JavaScript sandbox library (versions ≤ 3.10.0) enables attackers to bypass sandbox protections and execute arbitrary code with full system privileges. The flaw exploits improper sanitization of Promise callback funct…

Approximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relyin…

The threat actors have begun actively exploiting a critical authentication bypass vulnerability in GNU InetUtils telnetd immediately after proof-of-concept code became publicly available. The flaw allows remote attackers to gain root access without aut…

TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a critical vulnerability in its LiteSSL ACME service. The flaw, disclosed on January 21, 2026, permitted the reuse of domain validation data across different ACME accounts, allow…

The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess. Over three intense days of competition, researchers successfully identified and exploited 76…